summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKN4CK3R <admin@oldschoolhack.me>2022-05-09 20:20:21 +0200
committerGitHub <noreply@github.com>2022-05-09 20:20:21 +0200
commit3da9dafc605d9160f317388a302578df55e46b98 (patch)
treec7fb4e63541e09d5d25c8785f820a4dae08fb98e
parenta61a47f9a00a387015a2f00f656f9f51dfd2b341 (diff)
downloadgitea-3da9dafc605d9160f317388a302578df55e46b98.tar.gz
gitea-3da9dafc605d9160f317388a302578df55e46b98.zip
Add Webfinger endpoint (#19462)
This adds the [Webfinger](https://webfinger.net/) endpoint for federation. Supported schemes are `acct` and `mailto`. The profile and avatar url are returned as metadata.
-rw-r--r--integrations/webfinger_test.go68
-rw-r--r--routers/web/web.go12
-rw-r--r--routers/web/webfinger.go111
3 files changed, 189 insertions, 2 deletions
diff --git a/integrations/webfinger_test.go b/integrations/webfinger_test.go
new file mode 100644
index 0000000000..8ba93c3f20
--- /dev/null
+++ b/integrations/webfinger_test.go
@@ -0,0 +1,68 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+ "fmt"
+ "net/http"
+ "net/url"
+ "testing"
+
+ "code.gitea.io/gitea/models/unittest"
+ user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/setting"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestWebfinger(t *testing.T) {
+ defer prepareTestEnv(t)()
+
+ setting.Federation.Enabled = true
+ defer func() {
+ setting.Federation.Enabled = false
+ }()
+
+ user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+
+ appURL, _ := url.Parse(setting.AppURL)
+
+ type webfingerLink struct {
+ Rel string `json:"rel,omitempty"`
+ Type string `json:"type,omitempty"`
+ Href string `json:"href,omitempty"`
+ Titles map[string]string `json:"titles,omitempty"`
+ Properties map[string]interface{} `json:"properties,omitempty"`
+ }
+
+ type webfingerJRD struct {
+ Subject string `json:"subject,omitempty"`
+ Aliases []string `json:"aliases,omitempty"`
+ Properties map[string]interface{} `json:"properties,omitempty"`
+ Links []*webfingerLink `json:"links,omitempty"`
+ }
+
+ session := loginUser(t, "user1")
+
+ req := NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=acct:%s@%s", user.LowerName, appURL.Host))
+ resp := MakeRequest(t, req, http.StatusOK)
+
+ var jrd webfingerJRD
+ DecodeJSON(t, resp, &jrd)
+ assert.Equal(t, "acct:user2@"+appURL.Host, jrd.Subject)
+ assert.ElementsMatch(t, []string{user.HTMLURL()}, jrd.Aliases)
+
+ req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=acct:%s@%s", user.LowerName, "unknown.host"))
+ MakeRequest(t, req, http.StatusBadRequest)
+
+ req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=acct:%s@%s", "user31", appURL.Host))
+ MakeRequest(t, req, http.StatusNotFound)
+
+ req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=acct:%s@%s", "user31", appURL.Host))
+ session.MakeRequest(t, req, http.StatusOK)
+
+ req = NewRequest(t, "GET", fmt.Sprintf("/.well-known/webfinger?resource=mailto:%s", user.Email))
+ MakeRequest(t, req, http.StatusNotFound)
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index 38754025ee..97ea1e9035 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -282,6 +282,13 @@ func RegisterRoutes(m *web.Route) {
}
}
+ federationEnabled := func(ctx *context.Context) {
+ if !setting.Federation.Enabled {
+ ctx.Error(http.StatusNotFound)
+ return
+ }
+ }
+
// FIXME: not all routes need go through same middleware.
// Especially some AJAX requests, we can reduce middleware number to improve performance.
// Routers.
@@ -289,9 +296,10 @@ func RegisterRoutes(m *web.Route) {
m.Get("/", Home)
m.Group("/.well-known", func() {
m.Get("/openid-configuration", auth.OIDCWellKnown)
- if setting.Federation.Enabled {
+ m.Group("", func() {
m.Get("/nodeinfo", NodeInfoLinks)
- }
+ m.Get("/webfinger", WebfingerQuery)
+ }, federationEnabled)
m.Get("/change-password", func(w http.ResponseWriter, req *http.Request) {
http.Redirect(w, req, "/user/settings/account", http.StatusTemporaryRedirect)
})
diff --git a/routers/web/webfinger.go b/routers/web/webfinger.go
new file mode 100644
index 0000000000..27d0351b81
--- /dev/null
+++ b/routers/web/webfinger.go
@@ -0,0 +1,111 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package web
+
+import (
+ "fmt"
+ "net/http"
+ "net/url"
+ "strings"
+
+ user_model "code.gitea.io/gitea/models/user"
+ "code.gitea.io/gitea/modules/context"
+ "code.gitea.io/gitea/modules/log"
+ "code.gitea.io/gitea/modules/setting"
+)
+
+// https://datatracker.ietf.org/doc/html/draft-ietf-appsawg-webfinger-14#section-4.4
+
+type webfingerJRD struct {
+ Subject string `json:"subject,omitempty"`
+ Aliases []string `json:"aliases,omitempty"`
+ Properties map[string]interface{} `json:"properties,omitempty"`
+ Links []*webfingerLink `json:"links,omitempty"`
+}
+
+type webfingerLink struct {
+ Rel string `json:"rel,omitempty"`
+ Type string `json:"type,omitempty"`
+ Href string `json:"href,omitempty"`
+ Titles map[string]string `json:"titles,omitempty"`
+ Properties map[string]interface{} `json:"properties,omitempty"`
+}
+
+// WebfingerQuery returns informations about a resource
+// https://datatracker.ietf.org/doc/html/rfc7565
+func WebfingerQuery(ctx *context.Context) {
+ appURL, _ := url.Parse(setting.AppURL)
+
+ resource, err := url.Parse(ctx.FormTrim("resource"))
+ if err != nil {
+ ctx.Error(http.StatusBadRequest)
+ return
+ }
+
+ var u *user_model.User
+
+ switch resource.Scheme {
+ case "acct":
+ // allow only the current host
+ parts := strings.SplitN(resource.Opaque, "@", 2)
+ if len(parts) != 2 {
+ ctx.Error(http.StatusBadRequest)
+ return
+ }
+ if parts[1] != appURL.Host {
+ ctx.Error(http.StatusBadRequest)
+ return
+ }
+
+ u, err = user_model.GetUserByNameCtx(ctx, parts[0])
+ case "mailto":
+ u, err = user_model.GetUserByEmailContext(ctx, resource.Opaque)
+ if u != nil && u.KeepEmailPrivate {
+ err = user_model.ErrUserNotExist{}
+ }
+ default:
+ ctx.Error(http.StatusBadRequest)
+ return
+ }
+ if err != nil {
+ if user_model.IsErrUserNotExist(err) {
+ ctx.Error(http.StatusNotFound)
+ } else {
+ log.Error("Error getting user: %s Error: %v", resource.Opaque, err)
+ ctx.Error(http.StatusInternalServerError)
+ }
+ return
+ }
+
+ if !user_model.IsUserVisibleToViewer(u, ctx.Doer) {
+ ctx.Error(http.StatusNotFound)
+ return
+ }
+
+ aliases := []string{
+ u.HTMLURL(),
+ }
+ if !u.KeepEmailPrivate {
+ aliases = append(aliases, fmt.Sprintf("mailto:%s", u.Email))
+ }
+
+ links := []*webfingerLink{
+ {
+ Rel: "http://webfinger.net/rel/profile-page",
+ Type: "text/html",
+ Href: u.HTMLURL(),
+ },
+ {
+ Rel: "http://webfinger.net/rel/avatar",
+ Href: u.AvatarLink(),
+ },
+ }
+
+ ctx.JSON(http.StatusOK, &webfingerJRD{
+ Subject: fmt.Sprintf("acct:%s@%s", url.QueryEscape(u.Name), appURL.Host),
+ Aliases: aliases,
+ Links: links,
+ })
+}